From 7e1caaa2f408f3eb81482a98f12d4cdee3c2e043 Mon Sep 17 00:00:00 2001
From: Nemo <contact@wirebrass.fr>
Date: Fri, 2 Oct 2020 22:35:00 +0200
Subject: [PATCH] Start working on icinga2 server

---
 playbook_icinga2_deploy.yml                   |  5 ++
 roles/icinga2_server/README.md                | 43 +++++++++++
 roles/icinga2_server/defaults/main.yml        | 73 ++++++++++++++++++
 roles/icinga2_server/handlers/main.yml        | 12 +++
 .../tasks/configure_icinga2_api_feature.yml   | 38 ++++++++++
 .../icinga2_server/tasks/install_icinga2.yml  | 17 +++++
 .../tasks/install_icingaweb2.yml              | 10 +++
 roles/icinga2_server/tasks/install_ido.yml    | 22 ++++++
 .../icinga2_server/tasks/install_mariadb.yml  | 76 +++++++++++++++++++
 roles/icinga2_server/tasks/main.yml           | 10 +++
 roles/icinga2_server/tasks/repository.yml     | 14 ++++
 .../templates/api-users.conf.j2               | 23 ++++++
 roles/icinga2_server/templates/my.cnf.j2      |  5 ++
 .../icinga2_server/templates/settings.cnf.j2  | 38 ++++++++++
 roles/icinga2_server/vars/Debian.yml          | 17 +++++
 roles/web_as208585.net/README.md              |  4 +
 16 files changed, 407 insertions(+)
 create mode 100644 playbook_icinga2_deploy.yml
 create mode 100644 roles/icinga2_server/README.md
 create mode 100644 roles/icinga2_server/defaults/main.yml
 create mode 100644 roles/icinga2_server/handlers/main.yml
 create mode 100644 roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
 create mode 100644 roles/icinga2_server/tasks/install_icinga2.yml
 create mode 100644 roles/icinga2_server/tasks/install_icingaweb2.yml
 create mode 100644 roles/icinga2_server/tasks/install_ido.yml
 create mode 100644 roles/icinga2_server/tasks/install_mariadb.yml
 create mode 100644 roles/icinga2_server/tasks/main.yml
 create mode 100644 roles/icinga2_server/tasks/repository.yml
 create mode 100644 roles/icinga2_server/templates/api-users.conf.j2
 create mode 100644 roles/icinga2_server/templates/my.cnf.j2
 create mode 100644 roles/icinga2_server/templates/settings.cnf.j2
 create mode 100644 roles/icinga2_server/vars/Debian.yml

diff --git a/playbook_icinga2_deploy.yml b/playbook_icinga2_deploy.yml
new file mode 100644
index 0000000..5b2a2f1
--- /dev/null
+++ b/playbook_icinga2_deploy.yml
@@ -0,0 +1,5 @@
+---
+- hosts: icinga2_server
+  roles:
+    - icinga2_server
+ 
diff --git a/roles/icinga2_server/README.md b/roles/icinga2_server/README.md
new file mode 100644
index 0000000..cec2ec1
--- /dev/null
+++ b/roles/icinga2_server/README.md
@@ -0,0 +1,43 @@
+Ansible Role: icinga2_server
+=========
+
+This role deploys as208585 webfiles on a GNU/Linux server.
+
+Requirements
+------------
+
+None.
+
+Role Variables
+--------------
+
+All variables and default values are defined in `defaults/main.yml` :
+
+    # Files location for as208585.net website
+    website_location: "/var/www/html/as208585.net"
+    
+    # Web user
+    website_user: "www-data"
+    website_group: "www-data"
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+    - hosts: web_server
+      roles:
+        - icinga2_server
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+This role was created in 2020 by Nemo.
diff --git a/roles/icinga2_server/defaults/main.yml b/roles/icinga2_server/defaults/main.yml
new file mode 100644
index 0000000..d7faed3
--- /dev/null
+++ b/roles/icinga2_server/defaults/main.yml
@@ -0,0 +1,73 @@
+---
+
+icinga2_server_apt_repository: "deb http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release }} main"
+icinga2_server_apt_key: "http://packages.icinga.com/icinga.key"
+
+icinga2_server_icinga2_package: icinga2
+icinga2_server_monitoring_plugins_package: monitoring-plugins
+
+icinga2_server_icinga2_service: icinga2
+
+icinga2_server_mariadb_server_package: mariadb-server
+icinga2_server_mariadb_client_package: mariadb-client
+icinga2_server_mariadb_python_package: python-mysqldb
+icinga2_server_icinga2_ido_mysql_package: icinga2-ido-mysql
+icinga2_server_icingaweb2_package: icingaweb2
+icinga2_server_icingacli_package: icingacli
+icinga2_server_apache_httpd_package: apache2
+icinga2_server_apache_httpd_service: apache2
+
+icinga2_server_user: nagios
+icinga2_server_group: nagios
+
+icinga2_server_mariadb_service: mariadb
+
+icinga2_server_mariadb_root_password: needToBeChanged
+
+icinga2_server_mariadb_bind_address: '127.0.0.1'
+icinga2_server_mariadb_performance_schema: on
+icinga2_server_mariadb_skip_name_resolve: 1
+icinga2_server_mariadb_max_connections: 100
+icinga2_server_mariadb_connect_timeout: 2
+icinga2_server_mariadb_max_allowed_packet: 10M
+icinga2_server_mariadb_innodb_buffer_pool_instances: 1
+icinga2_server_mariadb_innodb_buffer_pool_size: 100M
+icinga2_server_mariadb_innodb_log_file_size: 25M
+icinga2_server_mariadb_table_cache: 1000
+icinga2_server_mariadb_tmp_table_size: 50M
+icinga2_server_mariadb_max_heap_table_size: 50M
+icinga2_server_mariadb_query_cache_limit: 256K
+icinga2_server_mariadb_query_cache_type: 0
+icinga2_server_mariadb_query_cache_size: 0
+icinga2_server_mariadb_query_cache_min_res_unit: 2k
+icinga2_server_mariadb_join_buffer_size: 2M
+icinga2_server_mariadb_sort_buffer_size: 256K
+icinga2_server_mariadb_read_buffer_size: 128K
+icinga2_server_mariadb_read_rnd_buffer_size: 4M
+icinga2_server_mariadb_key_buffer: 500M
+icinga2_server_mariadb_slow_query_log: true
+icinga2_server_mariadb_long_query_time: 5
+icinga2_server_mariadb_log_slow_admin_statements: true
+icinga2_server_mariadb_log_queries_not_using_indexes: true
+
+icinga2_server_mariadb_databases:
+  - icinga
+  - icingaweb2
+
+icinga2_server_mariadb_users:
+  icinga_user:
+    name: "icinga_user"
+    password: "needToBeChanged"
+    priv: "icinga.*:ALL"
+  icingaweb2_user:
+    name: "icingaweb2_user"
+    password: "needToBeChanged"
+    priv: "icinga.*:ALL"
+
+icinga2_server_mariadb_icinga_schema_location: "/usr/share/icinga2-ido-mysql/schema/mysql.sql"
+
+icinga2_server_api_users:
+  - username: root
+    password: 'needToBeChanged'
+    permissions: '*'
+
diff --git a/roles/icinga2_server/handlers/main.yml b/roles/icinga2_server/handlers/main.yml
new file mode 100644
index 0000000..8861df5
--- /dev/null
+++ b/roles/icinga2_server/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: package repository updated
+  apt:
+    update_cache: yes
+  when: ansible_os_family == 'Debian'
+
+- name: "restart icinga2"
+  service:
+    name: "{{ icinga2_server_icinga2_service }}"
+    enabled: yes
+    state: restarted
diff --git a/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml b/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
new file mode 100644
index 0000000..e0e244e
--- /dev/null
+++ b/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
@@ -0,0 +1,38 @@
+---
+- name: Apache HTTPD installed
+  package:
+    name: "{{ icinga2_server_apache_httpd_package }}"
+    state: present
+
+- name: Apache HTTPD started and enabled
+  service:
+    name: '{{ icinga2_server_apache_httpd_service }}'
+    enabled: true
+    state: started
+
+- name: api-users.conf file installed
+  template:
+    src: api-users.conf.j2
+    dest: /etc/icinga2/conf.d/api-users.conf
+    owner: "{{ icinga2_server_user }}"
+    group: "{{ icinga2_server_group }}"
+    mode: 0640
+  notify: restart icinga2
+  register: apiusers
+  no_log: True
+
+- name: execute icinga2 api setup command
+  command: icinga2 api setup
+  args:
+    creates: /var/lib/icinga2/ca/ca.crt
+  notify: restart icinga2
+  when: apiusers.changed
+
+- name: Icinga2 api feature enabled
+  icinga2_feature:
+    name: api
+    state: present
+  notify: restart icinga2
+
+- name: Flush handlers
+  meta: flush_handlers
diff --git a/roles/icinga2_server/tasks/install_icinga2.yml b/roles/icinga2_server/tasks/install_icinga2.yml
new file mode 100644
index 0000000..898eb6d
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_icinga2.yml
@@ -0,0 +1,17 @@
+---
+- name: Icinga2 installed
+  package:
+    name: "{{ icinga2_server_icinga2_package }}"
+    state: present
+
+- name: Monitoring-plugins installed
+  package:
+    name: "{{ icinga2_server_monitoring_plugins_package }}"
+    state: present
+
+- name: Icinga2 started and enabled
+  service:
+    name: '{{ icinga2_server_icinga2_service }}'
+    enabled: true
+    state: started
+
diff --git a/roles/icinga2_server/tasks/install_icingaweb2.yml b/roles/icinga2_server/tasks/install_icingaweb2.yml
new file mode 100644
index 0000000..4ce4306
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_icingaweb2.yml
@@ -0,0 +1,10 @@
+---
+- name: Icingaweb2 installed
+  package:
+    name: "{{ icinga2_server_icingaweb2_package }}"
+    state: present
+
+- name: Icingacli installed
+  package:
+    name: "{{ icinga2_server_icingacli_package }}"
+    state: present
diff --git a/roles/icinga2_server/tasks/install_ido.yml b/roles/icinga2_server/tasks/install_ido.yml
new file mode 100644
index 0000000..aff02d6
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_ido.yml
@@ -0,0 +1,22 @@
+---
+- name: Icinga2 IDO MySQL module installed
+  package:
+    name: "{{ icinga2_server_icinga2_ido_mysql_package }}"
+    state: present
+  register: idoinstalled
+
+- name: Icinga DB schema imported
+  mysql_db:
+    state: import
+    name: icinga
+    target: "{{ icinga2_server_mariadb_icinga_schema_location }}"
+  when: idoinstalled.changed
+
+- name: Icinga2 ido-mysql feature enabled
+  icinga2_feature:
+    name: ido-mysql
+    state: present
+  notify: restart icinga2
+
+- name: Flush handlers
+  meta: flush_handlers
diff --git a/roles/icinga2_server/tasks/install_mariadb.yml b/roles/icinga2_server/tasks/install_mariadb.yml
new file mode 100644
index 0000000..8cd00a2
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_mariadb.yml
@@ -0,0 +1,76 @@
+---
+- name: MariaDB server installed
+  package:
+    name: "{{ icinga2_server_mariadb_server_package }}"
+    state: present
+
+- name: MariaDB client installed
+  package:
+    name: "{{ icinga2_server_mariadb_client_package }}"
+    state: present
+
+- name: MariaDB Python installed
+  package:
+    name: "{{ icinga2_server_mariadb_python_package }}"
+    state: present
+
+- name: MariaDB started and enabled
+  service:
+    name: '{{ icinga2_server_mariadb_service }}'
+    enabled: true
+    state: started
+
+- name: ~/.my.cnf configured for root user
+  template:
+    src: my.cnf.j2
+    dest: /root/.my.cnf
+    owner: root
+    group: root
+    mode: 0600
+  no_log: True
+
+- name: root password updated
+  mysql_user:
+    name: root
+    host: "{{ item }}"
+    password: "{{ icinga2_server_mariadb_root_password }}"
+    state: present
+  with_items:
+    - 127.0.0.1
+    - ::1
+    - localhost
+  no_log: True
+
+- name: test databased deleted
+  mysql_db:
+    name: test
+    state: absent
+
+- name: anonymous users deleted
+  mysql_user:
+    name: ''
+    host: "{{ item }}"
+    state: absent
+  with_items:
+    - localhost
+    - 127.0.0.1
+    - ::1
+  no_log: True
+
+- name: databases created
+  mysql_db:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - "{{ icinga2_server_mariadb_databases }}"
+
+- name: Icinga user created
+  mysql_user:
+    name: "{{ item.value.name }}"
+    password: "{{ item.value.password }}"
+    priv: "{{ item.value.priv }}"
+    state: present
+  with_dict: "{{ icinga2_server_mariadb_users }}"
+  no_log: True
+
+
diff --git a/roles/icinga2_server/tasks/main.yml b/roles/icinga2_server/tasks/main.yml
new file mode 100644
index 0000000..b0e4815
--- /dev/null
+++ b/roles/icinga2_server/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Include OS-specific variables.
+  include_vars: "{{ ansible_os_family }}.yml"
+
+#- import_tasks: repository.yml
+#- import_tasks: install_icinga2.yml
+- import_tasks: install_mariadb.yml
+#- import_tasks: install_ido.yml
+#- import_tasks: configure_icinga2_api_feature.yml
+#- import_tasks: install_icingaweb2.yml
diff --git a/roles/icinga2_server/tasks/repository.yml b/roles/icinga2_server/tasks/repository.yml
new file mode 100644
index 0000000..85a664e
--- /dev/null
+++ b/roles/icinga2_server/tasks/repository.yml
@@ -0,0 +1,14 @@
+---
+- name: Icinga apt key installed
+  apt_key:
+    url: '{{ icinga2_server_apt_key }}'
+    state: present
+  when: ansible_os_family == 'Debian'
+
+- name: Icinga APT repository configured
+  apt_repository:
+    repo: '{{ icinga2_server_apt_repository }}'
+    state: present
+  when: ansible_os_family == 'Debian'
+  notify: package repository updated
+
diff --git a/roles/icinga2_server/templates/api-users.conf.j2 b/roles/icinga2_server/templates/api-users.conf.j2
new file mode 100644
index 0000000..9dd9971
--- /dev/null
+++ b/roles/icinga2_server/templates/api-users.conf.j2
@@ -0,0 +1,23 @@
+/**
+ *  {{ ansible_managed }}
+ */
+
+{% for user in icinga2_server_api_users %}
+object ApiUser "{{ user.username }}" {
+  password = "{{ user.password }}"
+{% if user.permissions is string %}
+  permissions = [ "{{ user.permissions }}" ]
+{% else %}
+  permissions = [
+{% for permission in user.permissions %}
+    {
+      permission = "{{ permission.name }}"
+{% if permission.filter is defined %}
+      filter = {{ '{{' }} {{ permission.filter }} {{ '}}' }}
+{% endif %}
+    },
+{% endfor %}
+  ]
+{% endif %}
+}
+{% endfor %}
diff --git a/roles/icinga2_server/templates/my.cnf.j2 b/roles/icinga2_server/templates/my.cnf.j2
new file mode 100644
index 0000000..19090a9
--- /dev/null
+++ b/roles/icinga2_server/templates/my.cnf.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[client]
+user=root
+password={{ icinga2_server_mariadb_root_password }}
diff --git a/roles/icinga2_server/templates/settings.cnf.j2 b/roles/icinga2_server/templates/settings.cnf.j2
new file mode 100644
index 0000000..64ea61d
--- /dev/null
+++ b/roles/icinga2_server/templates/settings.cnf.j2
@@ -0,0 +1,38 @@
+# {{ ansible_managed }}
+
+[client]
+user                           = root
+password                       = {{ icinga2_server_mariadb_root_password }}
+
+[mysqld]
+bind_address                   = {{ icinga2_server_mariadb_bind_address }}
+performance_schema             = {{ icinga2_server_mariadb_performance_schema }}
+skip-name-resolve              = {{ icinga2_server_mariadb_skip_name_resolve }}
+
+max_connections                = {{ icinga2_server_mariadb_max_connections }}
+connect_timeout                = {{ icinga2_server_mariadb_connect_timeout }}
+max_allowed_packet             = {{ icinga2_server_mariadb_max_allowed_packet }}
+
+innodb_buffer_pool_instances   = {{ icinga2_server_mariadb_innodb_buffer_pool_instances }}
+innodb_buffer_pool_size        = {{ icinga2_server_mariadb_innodb_buffer_pool_size }}
+innodb_log_file_size           = {{ icinga2_server_mariadb_innodb_log_file_size }}
+table_cache                    = {{ icinga2_server_mariadb_table_cache }}
+
+tmp_table_size                 = {{ icinga2_server_mariadb_tmp_table_size }}
+max_heap_table_size            = {{ icinga2_server_mariadb_max_heap_table_size }}
+
+query_cache_type               = {{ icinga2_server_mariadb_query_cache_type }}
+query_cache_limit              = {{ icinga2_server_mariadb_query_cache_limit }}
+query_cache_size               = {{ icinga2_server_mariadb_query_cache_size }}
+query_cache_min_res_unit       = {{ icinga2_server_mariadb_query_cache_min_res_unit }}
+
+join_buffer_size               = {{ icinga2_server_mariadb_join_buffer_size }}
+sort_buffer_size               = {{ icinga2_server_mariadb_sort_buffer_size }}
+read_buffer_size               = {{ icinga2_server_mariadb_read_buffer_size }}
+read_rnd_buffer_size           = {{ icinga2_server_mariadb_read_rnd_buffer_size }}
+key_buffer                     = {{ icinga2_server_mariadb_key_buffer }}
+
+slow_query_log                 = {{ icinga2_server_mariadb_slow_query_log }}
+long_query_time                = {{ icinga2_server_mariadb_long_query_time }}
+log_slow_admin_statements      = {{ icinga2_server_mariadb_log_slow_admin_statements }}
+log_queries_not_using_indexes  = {{ icinga2_server_mariadb_log_queries_not_using_indexes }}
diff --git a/roles/icinga2_server/vars/Debian.yml b/roles/icinga2_server/vars/Debian.yml
new file mode 100644
index 0000000..6223902
--- /dev/null
+++ b/roles/icinga2_server/vars/Debian.yml
@@ -0,0 +1,17 @@
+---
+
+icinga2_server_icinga2_package: icinga2
+icinga2_server_monitoring_plugins_package: monitoring-plugins
+icinga2_server_icinga2_service: icinga2
+icinga2_server_mariadb_server_package: mariadb-server
+icinga2_server_mariadb_client_package: mariadb-client
+icinga2_server_mariadb_service: mariadb
+icinga2_server_mariadb_python_package: python-mysqldb
+icinga2_server_icinga2_ido_mysql_package: icinga2-ido-mysql
+icinga2_server_mariadb_icinga_schema_location: "/usr/share/icinga2-ido-mysql/schema/mysql.sql"
+icinga2_server_icingaweb2_package: icingaweb2
+icinga2_server_icingacli_package: icingacli
+icinga2_server_apache_httpd_package: apache2
+icinga2_server_apache_httpd_service: apache2
+icinga2_server_user: nagios
+icinga2_server_group: nagios
diff --git a/roles/web_as208585.net/README.md b/roles/web_as208585.net/README.md
index bb14cb4..bb19f74 100644
--- a/roles/web_as208585.net/README.md
+++ b/roles/web_as208585.net/README.md
@@ -15,6 +15,10 @@ All variables and default values are defined in `defaults/main.yml` :
 
     # Files location for as208585.net website
     website_location: "/var/www/html/as208585.net"
+    
+    # Web user
+    website_user: "www-data"
+    website_group: "www-data"
 
 Dependencies
 ------------